Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 Setup Question/issue

    IPv6
    3
    5
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dpedu
      last edited by

      Hey,

      I installed a fresh copy of pfSense 2.1.3 today, and am attempting to set up IPv6.

      My host provided me with a /64. For the purpose of this post that will be 2607:8675:309:8888::/64.

      In the web interface, I have configured the WAN interface as static, with the address 2607:8675:309:8888:1000::/68. The LAN interface is 2607:8675:309:8888:2000::/68.

      The gateway on the WAN interface is set to the value provided by my host. When I am in the pfSense shell, I can ping out to hosts on the internet just fine.

      I have DHCPv6 enabled on the LAN side, with the dhcp range being 2607:8675:309:8888:2000:: to 2607:8675:309:8888:200f::. I changed nothing else from the defaults, aside from setting Google's DNS servers.

      Router advertisements on the LAN side is set to "Managed".

      In the pfSense shell, I can ping out to the internet, and to hosts on the LAN side who received addresses assigned by DHCPv6. From hosts on the LAN side, they can ping pfSense's LAN interface, but not out to the internet.

      This is where I'm stumped. Any help would be greatly appreciated!

      Edit: I do have the LAN firewall rule for IPv6 set/enabled (this exists by default in 2.1+).

      Edit2: After a discussion in the pfSense IRC, I learned that /64 is the smallest subnet that "should" exist and SLAAC/Router Advertisement will not work on anything smaller than a /64. Does this mean I'm SOL?

      1 Reply Last reply Reply Quote 0
      • P
        priller
        last edited by

        Sounds like same issue that was being discussed here:  https://forum.pfsense.org/index.php?topic=76319.0

        No solution.

        1 Reply Last reply Reply Quote 0
        • R
          razzfazz
          last edited by

          @dpedu:

          Edit2: After a discussion in the pfSense IRC, I learned that /64 is the smallest subnet that "should" exist and SLAAC/Router Advertisement will not work on anything smaller than a /64. Does this mean I'm SOL?

          You could configure pfSense as a transparent firewall; see this thread for some pointers.

          1 Reply Last reply Reply Quote 0
          • R
            razzfazz
            last edited by

            Also, the reason your LAN-side hosts can't talk to the outside world is most likely actually exactly the opposite: The outside world does not know how to get to your LAN; your ISP won't know that packets for 2607:8675:309:8888:2000::/68 have to be routed to 2607:8675:309:8888:1000::/68.

            If you don't want to go the transparent firewall route, you might be able to make this work by having your pfSense box act as an NDP proxy for the machines behind it.

            EDIT: NDP proxy still won't solve the issue of SLAAC not working on anything smaller than a /64, though. Tho I guess you might be ok if all your clients support DHCP6?

            1 Reply Last reply Reply Quote 0
            • D
              dpedu
              last edited by

              Hey, thanks for the replies. I'll look into setting it up as a transparent firewall.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.